package com.maverick.ssl;

import com.maverick.crypto.asn1.DERInputStream;
import com.maverick.crypto.asn1.x509.CertificateException;
import com.maverick.crypto.asn1.x509.X509Certificate;
import com.maverick.crypto.asn1.x509.X509CertificateStructure;
import com.maverick.crypto.digests.MD5Digest;
import com.maverick.crypto.digests.SHA1Digest;
import com.maverick.crypto.publickey.Rsa;
import com.maverick.crypto.publickey.RsaPublicKey;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.text.MessageFormat;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/maverick/ssl/SSLHandshakeProtocol.class */
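/**
 * Client-side handshake state machine for an SSL 3.0 session with RSA key exchange.
 *
 * <p>The class sends a ClientHello advertising version 3.0, consumes the server's
 * ServerHello / Certificate / ServerHelloDone, sends the RSA-encrypted premaster secret,
 * derives the master secret and key block with the SSL 3.0 MD5/SHA-1 construction and
 * finally sends the client Finished message.
 *
 * <p>{@link #currentHandshakeStep} holds the type of the last handshake message that moved
 * the state forward, or {@link #HANDSHAKE_PENDING_OR_COMPLETE} when no handshake is running.
 *
 * <p>NOTE(review): SSL 3.0 is the only version implemented here and has been deprecated
 * (RFC 7568). Several checks a peer-authenticating client normally performs are not done in
 * this class; they are called out at the relevant methods (server Finished verification,
 * certificate chain linkage, validation of the negotiated parameters). Hostname checking is
 * also absent here; callers can reach the peer certificate through {@link #getCertificate()}.
 */
public class SSLHandshakeProtocol {
    /** Record-layer content type used for handshake messages. */
    static final int HANDSHAKE_PROTOCOL_MSG = 22;
    static final int HELLO_REQUEST_MSG = 0;
    static final int CLIENT_HELLO_MSG = 1;
    static final int SERVER_HELLO_MSG = 2;
    static final int CERTIFICATE_MSG = 11;
    static final int KEY_EXCHANGE_MSG = 12;
    static final int CERTIFICATE_REQUEST_MSG = 13;
    static final int SERVER_HELLO_DONE_MSG = 14;
    static final int CERTIFICATE_VERIFY_MSG = 15;
    static final int CLIENT_KEY_EXCHANGE_MSG = 16;
    static final int FINISHED_MSG = 20;
    /** Value of {@link #currentHandshakeStep} both before a handshake starts and after it ends. */
    static final int HANDSHAKE_PENDING_OR_COMPLETE = -1;
    SSLContext context;
    SSLTransportImpl socket;
    SSLCipherSuiteID cipherSuiteID;
    int compressionID;
    byte[] sessionID;
    int majorVersion;
    int minorVersion;
    byte[] clientRandom;
    byte[] serverRandom;
    byte[] premasterSecret;
    byte[] masterSecret;
    // First certificate of the server's Certificate message; its public key encrypts the premaster secret.
    X509Certificate x509;
    SSLCipherSuite pendingCipherSuite;
    static Log log = LogFactory.getLog(SSLHandshakeProtocol.class);
    // Running hashes over the handshake messages exchanged so far; consumed when Finished is built.
    MD5Digest handshakeMD5 = new MD5Digest();
    SHA1Digest handshakeSHA1 = new SHA1Digest();
    // Set once the server sends a CertificateRequest; never cleared in this class.
    boolean wantsClientAuth = false;
    int currentHandshakeStep = HANDSHAKE_PENDING_OR_COMPLETE;

    /**
     * Creates a handshake handler bound to a transport and its configuration.
     *
     * @param sSLTransportImpl transport used to send records
     * @param sSLContext source of randomness, cipher suites and trust settings
     */
    public SSLHandshakeProtocol(SSLTransportImpl sSLTransportImpl, SSLContext sSLContext) {
        this.socket = sSLTransportImpl;
        this.context = sSLContext;
    }

    /**
     * Reports whether no handshake is currently in progress.
     *
     * @return {@code true} both before the first handshake and after a completed one
     */
    public boolean isComplete() {
        return this.currentHandshakeStep == HANDSHAKE_PENDING_OR_COMPLETE;
    }

    /**
     * Processes the handshake messages contained in one received record fragment.
     *
     * <p>The bytes {@code bArr[i .. i + i2)} are added to the handshake hashes and then parsed
     * as a sequence of handshake messages (1 type byte, 3 length bytes, body). Parsing stops as
     * soon as the handshake completes.
     *
     * @param bArr buffer holding the record payload
     * @param i offset of the payload in {@code bArr}
     * @param i2 number of payload bytes
     * @throws SSLException on an out-of-order, truncated or unsupported message, or on I/O failure
     */
    public void processMessage(byte[] bArr, int i, int i2) throws SSLException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr, i, i2);
        // Hash exactly the bytes that are parsed below. Hashing the whole array would pull
        // unrelated buffer contents into the Finished computation whenever the caller passes
        // a slice of a larger buffer.
        updateHandshakeHashes(bArr, i, i2);
        while (byteArrayInputStream.available() > 0 && !isComplete()) {
            // The header is peer-controlled. Without these two checks a short header makes
            // read() return -1 (parsed as length 0xFFFFFF) and any oversized length causes an
            // allocation of up to 16 MiB followed by processing of a zero-padded body.
            // Messages fragmented across records are not reassembled by this class.
            if (byteArrayInputStream.available() < 4) {
                throw new SSLException(SSLException.PROTOCOL_VIOLATION, "Truncated handshake message header");
            }
            int read = byteArrayInputStream.read();
            int read2 = ((byteArrayInputStream.read() & 255) << 16) | ((byteArrayInputStream.read() & 255) << 8) | (byteArrayInputStream.read() & 255);
            log.debug(MessageFormat.format(Messages.getString("SSLHandshakeProtocol.processingType"), Integer.valueOf(read), Long.valueOf(read2)));
            if (read2 > byteArrayInputStream.available()) {
                throw new SSLException(SSLException.PROTOCOL_VIOLATION, "Handshake message length exceeds received data");
            }
            byte[] bArr2 = new byte[read2];
            try {
                byteArrayInputStream.read(bArr2);
                switch (read) {
                    case HELLO_REQUEST_MSG:
                        log.debug(Messages.getString("SSLHandshakeProtocol.receivedHELLO"));
                        // NOTE(review): the loop only runs while a handshake is in progress, so
                        // this start branch looks unreachable from here; a HelloRequest received
                        // mid-handshake is ignored.
                        if (this.currentHandshakeStep == HANDSHAKE_PENDING_OR_COMPLETE) {
                            startHandshake();
                        }
                        break;
                    case SERVER_HELLO_MSG:
                        log.debug(Messages.getString("SSLHandshakeProtocol.receivedServerHELLO"));
                        if (this.currentHandshakeStep == CLIENT_HELLO_MSG) {
                            onServerHelloMsg(bArr2);
                            break;
                        } else {
                            throw new SSLException(SSLException.PROTOCOL_VIOLATION, MessageFormat.format(Messages.getString("SSLHandshakeProtocol.receivedUnexpectedServerHello"), Integer.valueOf(this.currentHandshakeStep)));
                        }
                    case CERTIFICATE_MSG /* 11 */:
                        log.debug(Messages.getString("SSLHandshakeProtocol.receivedServerCertificate"));
                        if (this.currentHandshakeStep == SERVER_HELLO_MSG) {
                            onCertificateMsg(bArr2);
                            break;
                        } else {
                            throw new SSLException(SSLException.PROTOCOL_VIOLATION, MessageFormat.format(Messages.getString("SSLHandshakeProtocol.unexpectedCertificateMessageReceived"), Integer.valueOf(this.currentHandshakeStep)));
                        }
                    case KEY_EXCHANGE_MSG /* 12 */:
                        // ServerKeyExchange (ephemeral / export key exchange) is not implemented.
                        log.debug(Messages.getString("SSLHandshakeProtocol.receivedUnsupportedServerKEX"));
                        throw new SSLException(SSLException.UNSUPPORTED_OPERATION, Messages.getString("SSLHandshakeProtocol.kexNotSupported"));
                    case CERTIFICATE_REQUEST_MSG /* 13 */:
                        // Accepted in any handshake state; only remembered so that a
                        // "no certificate" alert is sent at ServerHelloDone.
                        log.debug(Messages.getString("SSLHandshakeProtocol.receivedUnsupportedClientCert"));
                        this.wantsClientAuth = true;
                        break;
                    case SERVER_HELLO_DONE_MSG /* 14 */:
                        log.debug(Messages.getString("SSLHandshakeProtocol.helloDone"));
                        if (this.currentHandshakeStep == CERTIFICATE_MSG) {
                            if (this.wantsClientAuth) {
                                log.debug(Messages.getString("SSLHandshakeProtocol.sendingNoCert"));
                                // Content type 21 with body {1, 41}: in SSL 3.0 this is an alert
                                // record, level warning, description no_certificate.
                                this.socket.sendMessage(21, new byte[]{1, 41});
                            }
                            onServerHelloDoneMsg();
                            break;
                        } else {
                            throw new SSLException(SSLException.PROTOCOL_VIOLATION, MessageFormat.format(Messages.getString("SSLHandshakeProtocol.unexpectedServerHelloDone"), Integer.valueOf(this.currentHandshakeStep)));
                        }
                    case FINISHED_MSG:
                        log.debug(Messages.getString("SSLHandshakeProtocol.receivedServerFinished"));
                        // NOTE(review): only the state is checked. The verify data carried in
                        // bArr2 is never compared with locally computed handshake hashes, so
                        // this class does not detect tampering with earlier handshake messages.
                        // Confirm whether the transport verifies it elsewhere.
                        if (this.currentHandshakeStep == FINISHED_MSG) {
                            this.currentHandshakeStep = HANDSHAKE_PENDING_OR_COMPLETE;
                            break;
                        } else {
                            throw new SSLException(SSLException.PROTOCOL_VIOLATION);
                        }
                    // Any other message type is skipped silently.
                }
            } catch (IOException e) {
                throw new SSLException(997, e.getMessage() == null ? e.getClass().getName() : e.getMessage());
            }
        }
    }

    /**
     * Returns the peer certificate recorded during the handshake.
     *
     * @return the first certificate of the server's Certificate message, or {@code null} if
     *     none has been received
     */
    public X509Certificate getCertificate() {
        return this.x509;
    }

    /**
     * Frames a handshake message (type, 24-bit length, body) and sends it in a handshake record.
     *
     * <p>Every message except Finished is also added to the running handshake hashes.
     *
     * @param i handshake message type
     * @param bArr message body
     * @throws SSLException if the message cannot be written or sent
     */
    private void sendMessage(int i, byte[] bArr) throws SSLException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(i);
            byteArrayOutputStream.write((bArr.length >> 16) & 255);
            byteArrayOutputStream.write((bArr.length >> 8) & 255);
            byteArrayOutputStream.write(bArr.length);
            byteArrayOutputStream.write(bArr);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            // The hashes have already been finalised when our own Finished is sent.
            if (i != FINISHED_MSG) {
                updateHandshakeHashes(byteArray);
            }
            this.socket.sendMessage(HANDSHAKE_PROTOCOL_MSG, byteArray);
        } catch (IOException e) {
            throw new SSLException(997, e.getMessage() == null ? e.getClass().getName() : e.getMessage());
        }
    }

    /**
     * Starts a handshake by sending the ClientHello.
     *
     * @throws SSLException if a handshake is already in progress or sending fails
     */
    public void startHandshake() throws SSLException {
        if (this.currentHandshakeStep != HANDSHAKE_PENDING_OR_COMPLETE) {
            throw new SSLException(SSLException.PROTOCOL_VIOLATION, Messages.getString("SSLHandshakeProtocol.alreadyInProgress"));
        }
        log.debug(Messages.getString("SSLHandshakeProtocol.starting"));
        sendClientHello();
    }

    /**
     * Derives the 48-byte master secret from the premaster secret and both random values.
     *
     * <p>Three rounds of {@code MD5(premaster + SHA1(label + premaster + clientRandom +
     * serverRandom))} with the labels "A", "BB" and "CCC" are concatenated.
     *
     * @throws SSLException if the digest output cannot be buffered
     */
    private void calculateMasterSecret() throws SSLException {
        log.debug(Messages.getString("SSLHandshakeProtocol.calculatingMasterSecret"));
        try {
            MD5Digest mD5Digest = new MD5Digest();
            SHA1Digest sHA1Digest = new SHA1Digest();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            String[] strArr = {"A", "BB", "CCC"};
            for (int i = 0; i < strArr.length; i++) {
                mD5Digest.reset();
                sHA1Digest.reset();
                sHA1Digest.update(strArr[i].getBytes(), 0, strArr[i].getBytes().length);
                sHA1Digest.update(this.premasterSecret, 0, this.premasterSecret.length);
                sHA1Digest.update(this.clientRandom, 0, this.clientRandom.length);
                sHA1Digest.update(this.serverRandom, 0, this.serverRandom.length);
                mD5Digest.update(this.premasterSecret, 0, this.premasterSecret.length);
                byte[] bArr = new byte[sHA1Digest.getDigestSize()];
                sHA1Digest.doFinal(bArr, 0);
                mD5Digest.update(bArr, 0, bArr.length);
                byte[] bArr2 = new byte[mD5Digest.getDigestSize()];
                mD5Digest.doFinal(bArr2, 0);
                byteArrayOutputStream.write(bArr2);
            }
            this.masterSecret = byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new SSLException(997, e.getMessage() == null ? e.getClass().getName() : e.getMessage());
        }
    }

    /**
     * Generates the 48-byte premaster secret: 46 random bytes behind the version bytes 3, 0.
     *
     * <p>The strength of the session keys depends on the generator returned by
     * {@code context.getRND()}; its type is not visible in this file.
     */
    private void calculatePreMasterSecret() {
        log.debug(Messages.getString("SSLHandshakeProtocol.generatingPreMasterSecret"));
        this.premasterSecret = new byte[48];
        this.context.getRND().nextBytes(this.premasterSecret);
        this.premasterSecret[0] = 3;
        this.premasterSecret[1] = 0;
    }

    /**
     * Runs the client's second flight after ServerHelloDone.
     *
     * <p>Encrypts a fresh premaster secret to the server's RSA key, sends ClientKeyExchange,
     * derives the master secret and the key block, initialises the pending cipher suite, sends
     * ChangeCipherSpec and then the client Finished.
     *
     * @throws SSLException if the server key is not RSA, the certificate cannot be read, or
     *     sending fails
     */
    private void onServerHelloDoneMsg() throws SSLException {
        calculatePreMasterSecret();
        try {
            BigInteger bigInteger = new BigInteger(1, this.premasterSecret);
            RsaPublicKey publicKey = this.x509.getPublicKey();
            if (!(publicKey instanceof RsaPublicKey)) {
                throw new SSLException(43);
            }
            // NOTE(review): the padded block length is fixed at 128 bytes, which corresponds
            // to a 1024-bit modulus. Presumably the third argument should follow the size of
            // the server's modulus; confirm against Rsa.padPKCS1 before relying on larger keys.
            byte[] byteArray = Rsa.doPublic(Rsa.padPKCS1(bigInteger, 2, 128), publicKey.getModulus(), publicKey.getPublicExponent()).toByteArray();
            // BigInteger.toByteArray() may prepend a zero sign byte; strip it before sending.
            if (byteArray[0] == 0) {
                byte[] bArr = new byte[byteArray.length - 1];
                System.arraycopy(byteArray, 1, bArr, 0, byteArray.length - 1);
                byteArray = bArr;
            }
            sendMessage(CLIENT_KEY_EXCHANGE_MSG, byteArray);
            calculateMasterSecret();
            log.debug(Messages.getString("SSLHandshakeProtocol.generatingKeyData"));
            // Key material needed for both directions: two keys, two MAC secrets, two IVs.
            int keyLength = (this.pendingCipherSuite.getKeyLength() * 2) + (this.pendingCipherSuite.getMACLength() * 2) + (this.pendingCipherSuite.getIVLength() * 2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            MD5Digest mD5Digest = new MD5Digest();
            SHA1Digest sHA1Digest = new SHA1Digest();
            int i = 0;
            while (byteArrayOutputStream.size() < keyLength) {
                mD5Digest.reset();
                sHA1Digest.reset();
                // Round i uses the label 'A' + i repeated i + 1 times: "A", "BB", "CCC", ...
                for (int i2 = 0; i2 <= i; i2++) {
                    sHA1Digest.update((byte) (65 + i));
                }
                sHA1Digest.update(this.masterSecret, 0, this.masterSecret.length);
                sHA1Digest.update(this.serverRandom, 0, this.serverRandom.length);
                sHA1Digest.update(this.clientRandom, 0, this.clientRandom.length);
                mD5Digest.update(this.masterSecret, 0, this.masterSecret.length);
                byte[] bArr2 = new byte[sHA1Digest.getDigestSize()];
                sHA1Digest.doFinal(bArr2, 0);
                mD5Digest.update(bArr2, 0, bArr2.length);
                byte[] bArr3 = new byte[mD5Digest.getDigestSize()];
                mD5Digest.doFinal(bArr3, 0);
                byteArrayOutputStream.write(bArr3, 0, bArr3.length);
                i++;
            }
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
            // Local names follow the SSL 3.0 key_block layout, which is the order the slices
            // are read in below: client MAC, server MAC, client key, server key, client IV,
            // server IV.
            byte[] clientKey = new byte[this.pendingCipherSuite.getKeyLength()];
            byte[] clientIV = new byte[this.pendingCipherSuite.getIVLength()];
            byte[] clientMAC = new byte[this.pendingCipherSuite.getMACLength()];
            byte[] serverKey = new byte[this.pendingCipherSuite.getKeyLength()];
            byte[] serverIV = new byte[this.pendingCipherSuite.getIVLength()];
            byte[] serverMAC = new byte[this.pendingCipherSuite.getMACLength()];
            try {
                byteArrayInputStream.read(clientMAC);
                byteArrayInputStream.read(serverMAC);
                byteArrayInputStream.read(clientKey);
                byteArrayInputStream.read(serverKey);
                byteArrayInputStream.read(clientIV);
                byteArrayInputStream.read(serverIV);
                this.pendingCipherSuite.init(clientKey, clientIV, clientMAC, serverKey, serverIV, serverMAC);
                this.currentHandshakeStep = SERVER_HELLO_DONE_MSG;
                this.socket.sendCipherChangeSpec(this.pendingCipherSuite);
                sendHandshakeFinished();
            } catch (IOException e) {
                throw new SSLException(997, e.getMessage() == null ? e.getClass().getName() : e.getMessage());
            }
        } catch (CertificateException e2) {
            throw new SSLException(43, e2.getMessage());
        }
    }

    /**
     * Returns the cipher suite negotiated by the current handshake.
     *
     * @return the suite instantiated from the ServerHello, or {@code null} before one arrived
     */
    public SSLCipherSuite getPendingCipherSuite() {
        return this.pendingCipherSuite;
    }

    /**
     * Adds a complete buffer to both running handshake hashes.
     *
     * @param bArr bytes of one or more handshake messages
     */
    void updateHandshakeHashes(byte[] bArr) {
        updateHandshakeHashes(bArr, 0, bArr.length);
    }

    /** Adds {@code len} bytes of {@code bArr}, starting at {@code off}, to both handshake hashes. */
    private void updateHandshakeHashes(byte[] bArr, int off, int len) {
        log.debug(Messages.getString("SSLHandshakeProtocol.updatingHandshakeHashes"));
        this.handshakeMD5.update(bArr, off, len);
        this.handshakeSHA1.update(bArr, off, len);
    }

    /**
     * Turns the running handshake hashes into the pending outer hashes of the client Finished.
     *
     * <p>For each digest the inner hash is {@code H(handshake + "CLNT" + master + pad1)}; the
     * digest is then reset and fed {@code master + pad2 + inner}. The final {@code doFinal} is
     * left to {@link #sendHandshakeFinished()}. Pads are 48 bytes for MD5 and 40 for SHA-1.
     */
    private void completeHandshakeHashes() {
        log.debug(Messages.getString("SSLHandshakeProtocol.completingHandshakeHashes"));
        // 67, 76, 78, 84 = ASCII "CLNT", the sender label for the client.
        this.handshakeMD5.update((byte) 67);
        this.handshakeMD5.update((byte) 76);
        this.handshakeMD5.update((byte) 78);
        this.handshakeMD5.update((byte) 84);
        this.handshakeMD5.update(this.masterSecret, 0, this.masterSecret.length);
        for (int i = 0; i < 48; i++) {
            this.handshakeMD5.update((byte) 54); // pad1 byte 0x36
        }
        byte[] bArr = new byte[this.handshakeMD5.getDigestSize()];
        this.handshakeMD5.doFinal(bArr, 0);
        this.handshakeMD5.reset();
        // NOTE(review): this writes the first byte of the master secret to the debug log.
        // Key material should not reach logs; consider logging the length only.
        log.debug(MessageFormat.format(Messages.getString("SSLHandshakeProtocol.masterSecret"), Long.valueOf(this.masterSecret.length), String.valueOf((int) this.masterSecret[0])));
        this.handshakeMD5.update(this.masterSecret, 0, this.masterSecret.length);
        for (int i2 = 0; i2 < 48; i2++) {
            this.handshakeMD5.update((byte) 92); // pad2 byte 0x5c
        }
        this.handshakeMD5.update(bArr, 0, bArr.length);
        this.handshakeSHA1.update((byte) 67);
        this.handshakeSHA1.update((byte) 76);
        this.handshakeSHA1.update((byte) 78);
        this.handshakeSHA1.update((byte) 84);
        this.handshakeSHA1.update(this.masterSecret, 0, this.masterSecret.length);
        for (int i3 = 0; i3 < 40; i3++) {
            this.handshakeSHA1.update((byte) 54);
        }
        byte[] bArr2 = new byte[this.handshakeSHA1.getDigestSize()];
        this.handshakeSHA1.doFinal(bArr2, 0);
        this.handshakeSHA1.reset();
        this.handshakeSHA1.update(this.masterSecret, 0, this.masterSecret.length);
        for (int i4 = 0; i4 < 40; i4++) {
            this.handshakeSHA1.update((byte) 92);
        }
        this.handshakeSHA1.update(bArr2, 0, bArr2.length);
    }

    /**
     * Sends the client Finished message (MD5 hash followed by SHA-1 hash) and moves the state
     * to "waiting for the server's Finished".
     *
     * @throws SSLException if sending fails
     */
    private void sendHandshakeFinished() throws SSLException {
        completeHandshakeHashes();
        log.debug("Sending client FINISHED");
        byte[] bArr = new byte[this.handshakeMD5.getDigestSize() + this.handshakeSHA1.getDigestSize()];
        this.handshakeMD5.doFinal(bArr, 0);
        this.handshakeSHA1.doFinal(bArr, this.handshakeMD5.getDigestSize());
        sendMessage(FINISHED_MSG, bArr);
        this.currentHandshakeStep = FINISHED_MSG;
    }

    /**
     * Parses the server's Certificate message and checks it against the configured trust store.
     *
     * <p>Certificates are read in order until one is accepted by
     * {@code isTrustedCertificate}; the first certificate seen is kept as {@link #x509}.
     *
     * @param bArr body of the Certificate message
     * @throws SSLException if no certificate is accepted or the message cannot be parsed
     */
    private void onCertificateMsg(byte[] bArr) throws SSLException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        // The total list length and each per-certificate length are consumed but not enforced;
        // the DER parser decides how many bytes each certificate occupies.
        int read = ((byteArrayInputStream.read() & 255) << 16) | ((byteArrayInputStream.read() & 255) << 8) | (byteArrayInputStream.read() & 255);
        boolean z = false;
        while (byteArrayInputStream.available() > 0 && !z) {
            try {
                int read2 = ((byteArrayInputStream.read() & 255) << 16) | ((byteArrayInputStream.read() & 255) << 8) | (byteArrayInputStream.read() & 255);
                X509Certificate x509Certificate = new X509Certificate(X509CertificateStructure.getInstance(new DERInputStream(byteArrayInputStream).readObject()));
                // NOTE(review): x509 is only assigned while null, so a later handshake on the
                // same object keeps the certificate of the first one.
                if (this.x509 == null) {
                    this.x509 = x509Certificate;
                }
                try {
                    // NOTE(review): acceptance of ANY certificate in the message ends the loop,
                    // while the key used for the exchange comes from the first one. Nothing here
                    // checks that the accepted certificate actually issued the first; unless
                    // isTrustedCertificate validates that linkage internally (not visible in
                    // this file), peer authentication is incomplete. The two context flags
                    // additionally allow invalid or untrusted certificates when enabled.
                    z = this.context.getTrustedCACerts().isTrustedCertificate(x509Certificate, this.context.isInvalidCertificateAllowed(), this.context.isUntrustedCertificateAllowed());
                } catch (SSLException e) {
                    // A rejected certificate is logged and the next one in the message is tried.
                    log.warn(Messages.getString("SSLHandshakeProtocol.failedToVerifyCertAgainstTruststore"), e);
                }
            } catch (IOException e2) {
                throw new SSLException(997, e2.getMessage());
            }
        }
        if (!z) {
            throw new SSLException(42, Messages.getString("SSLHandshakeProtocol.certInvalidOrUntrusted"));
        }
        log.debug(Messages.getString("SSLHandshakeProtocol.x509Cert"));
        log.debug(Messages.getString("SSLHandshakeProtocol.x509Cert.subject") + this.x509.getSubjectDN());
        log.debug(Messages.getString("SSLHandshakeProtocol.x509Cert.issuer") + this.x509.getIssuerDN());
        this.currentHandshakeStep = CERTIFICATE_MSG;
    }

    /**
     * Parses the ServerHello and instantiates the cipher suite the server selected.
     *
     * <p>NOTE(review): none of the negotiated values is validated here. The version is stored
     * without checking it is 3.0, the selected suite is not compared with the list that was
     * offered, the compression method is not checked against the single method offered (0),
     * and short input makes {@code read()} return -1, which is used as-is. What
     * {@code getCipherSuiteClass} returns for an unknown suite is not visible in this file.
     *
     * @param bArr body of the ServerHello message
     * @throws SSLException if the cipher suite cannot be instantiated or reading fails
     */
    private void onServerHelloMsg(byte[] bArr) throws SSLException {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            this.majorVersion = byteArrayInputStream.read();
            this.minorVersion = byteArrayInputStream.read();
            this.serverRandom = new byte[32];
            byteArrayInputStream.read(this.serverRandom);
            this.sessionID = new byte[byteArrayInputStream.read() & 255];
            byteArrayInputStream.read(this.sessionID);
            this.cipherSuiteID = new SSLCipherSuiteID(byteArrayInputStream.read(), byteArrayInputStream.read());
            this.pendingCipherSuite = (SSLCipherSuite) this.context.getCipherSuiteClass(this.cipherSuiteID).newInstance();
            this.compressionID = byteArrayInputStream.read();
            this.currentHandshakeStep = SERVER_HELLO_MSG;
        } catch (IOException e) {
            throw new SSLException(997, e.getMessage() == null ? e.getClass().getName() : e.getMessage());
        } catch (IllegalAccessException e2) {
            throw new SSLException(997, e2.getMessage() == null ? e2.getClass().getName() : e2.getMessage());
        } catch (InstantiationException e3) {
            throw new SSLException(997, e3.getMessage() == null ? e3.getClass().getName() : e3.getMessage());
        }
    }

    /**
     * Builds and sends the ClientHello: version 3.0, a fresh 32-byte random, an empty session
     * id, the configured cipher suites and the null compression method.
     *
     * @throws SSLException if the message cannot be built or sent
     */
    private void sendClientHello() throws SSLException {
        log.debug(Messages.getString("SSLHandshakeProtocol.sendingClientHello"));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            this.clientRandom = new byte[32];
            this.context.getRND().nextBytes(this.clientRandom);
            // The first four random bytes are overwritten with the low 32 bits of the current
            // time in milliseconds.
            long currentTimeMillis = System.currentTimeMillis();
            this.clientRandom[0] = (byte) ((currentTimeMillis >> 24) & 255);
            this.clientRandom[1] = (byte) ((currentTimeMillis >> 16) & 255);
            this.clientRandom[2] = (byte) ((currentTimeMillis >> 8) & 255);
            this.clientRandom[3] = (byte) (currentTimeMillis & 255);
            byteArrayOutputStream.write(3);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(this.clientRandom);
            // Session id length 0: no session resumption is attempted.
            byteArrayOutputStream.write(0);
            SSLCipherSuiteID[] cipherSuiteIDs = this.context.getCipherSuiteIDs();
            // 16-bit length of the suite list. The high byte used to be a constant 0, which
            // produced a wrong length as soon as the list reached 256 bytes.
            int suiteListLength = cipherSuiteIDs.length * 2;
            byteArrayOutputStream.write((suiteListLength >> 8) & 255);
            byteArrayOutputStream.write(suiteListLength & 255);
            for (int i = 0; i < cipherSuiteIDs.length; i++) {
                byteArrayOutputStream.write(cipherSuiteIDs[i].id1);
                byteArrayOutputStream.write(cipherSuiteIDs[i].id2);
            }
            // One compression method: 0 (null).
            byteArrayOutputStream.write(1);
            byteArrayOutputStream.write(0);
            sendMessage(CLIENT_HELLO_MSG, byteArrayOutputStream.toByteArray());
            this.currentHandshakeStep = CLIENT_HELLO_MSG;
        } catch (IOException e) {
            throw new SSLException(997, e.getMessage() == null ? e.getClass().getName() : e.getMessage());
        }
    }
}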
